IP-Watch is a non-profit independent news service, and subscribing to our service helps support our goals of bringing more transparency to global IP and innovation policies. To access all of our content, please subscribe now. You also have the opportunity to offer additional support to your subscription, or to donate.

The Internet Corporation for Assigned Names and Numbers (ICANN) yesterday held a key signing ceremony implementing an advanced new security system for the internet domain name system (DNS). DNSSEC, DNS security extensions, is expected to secure the internet domain name system against cache poisoning and spoofing attacks by matching a private and public key every time a DNS request is answered. A failed match of the keys tells users that their request might have been hampered with somewhere along the way. After criticism over the fact that the master key for the central root zone, the heart of the DNS, is generated and stored in the US only, ICANN chose to invite trusted internet community members to hold parts of the master key. In a seven-hour ceremony outside Washington, DC yesterday, the first key set was generated with 21 experts from 18 different countries present. In the future for signing new keys at least three of the seven crypt officers have to be present. The so-called Zone Signing Key, a key sitting under the central Key Signing Key that ICANN holds, is generated by VeriSign, the US company with rights to the .com domain. On 15 July, the public part of the KSK will be published allowing validation of requests to the root zone.